rrweb icon indicating copy to clipboard operation
rrweb copied to clipboard

Published 20 hours ago verified publisher icon rrweb-io

Inline workers break CSP

Open piotrblasiak opened this issue 3 years ago • 4 comments

When using CSP (Content Security Policy), inline workers require the use of the script-src blob: policy which is a big no no and opens up the whole website for js injection. Would/is it be possible to load the worker scripts from hosted .js files somehow instead?

piotrblasiak avatar Nov 20 '20 09:11 piotrblasiak